Microsoft Reveals Chinese Hackers’ Method in Recent Cyberattack

Microsoft has concluded its investigation into the Storm-0558 intrusion and published how the China-based threat actor obtained the key it used to break into US government email accounts. Two months earlier, Storm-0558 had read mail from the accounts of roughly two dozen Western organizations, including several US government agencies, all hosted on Microsoft's cloud email services.

The attackers used a stolen Microsoft account (MSA) consumer signing key to forge authentication tokens, and with those tokens gained access to OWA. A consumer key should never validate a token for an enterprise (Azure AD) tenant; Microsoft separately reported that a validation error in its mail system allowed tokens signed with the consumer key to be accepted for enterprise mail, which is why a consumer key was usable against government tenants at all. The open question was how the attackers obtained the key in the first place. Microsoft's investigation has now provided an answer: the key was present in a crash dump of a consumer signing system, dating from April 2021. Crash dumps are supposed to redact sensitive material such as signing keys; in this case a race condition allowed the key to survive into the dump, an issue Microsoft has since fixed.
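The two failures described above, possession of a signing key and a verifier that does not check which issuer a key may sign for, are easiest to see side by side. The following is an added example, not Microsoft's code or any real token format: it uses HMAC-SHA256 instead of the RSA keys real MSA and Azure AD tokens use, and all key identifiers, issuer URLs and claims are constructed. `verify_naive` models a signature-only check that accepts any known key for any claims; `verify_strict` binds each `kid` to the issuer it is allowed to sign for and checks audience and expiry, so a token minted with the consumer key but claiming an enterprise issuer is rejected.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed keys. Real MSA and Azure AD tokens are RS256-signed with
# asymmetric keys; HMAC-SHA256 stands in so the example runs with the
# standard library only. The kid -> issuer binding logic is the point.
SIGNING_KEYS = {
    "consumer-key-2021": b"consumer-secret-material",      # MSA (consumer) key
    "enterprise-key-2023": b"enterprise-secret-material",  # Azure AD (enterprise) key
}

# Which issuer each key is permitted to sign for (hypothetical issuer URLs).
KEY_ISSUER = {
    "consumer-key-2021": "https://login.live.com",
    "enterprise-key-2023": "https://login.microsoftonline.com/contoso-tenant",
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(kid: str, claims: dict, keys=SIGNING_KEYS) -> str:
    """Sign arbitrary claims with the key named by kid: anyone holding the key can do this."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(claims).encode())}"
    sig = hmac.new(keys[kid], signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def _check_signature(token: str, keys):
    """Return (header, claims) if the signature verifies under a known kid, else (None, None)."""
    h, p, s = token.split(".")
    header = json.loads(_b64url_decode(h))
    key = keys.get(header.get("kid"))
    if key is None:
        return None, None  # unknown or revoked key
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return None, None
    return header, json.loads(_b64url_decode(p))


def verify_naive(token: str, keys=SIGNING_KEYS):
    """Signature-only check: any trusted key validates any claims. This is the weak pattern."""
    _, claims = _check_signature(token, keys)
    return claims  # None when the key is unknown or the signature fails


def verify_strict(token: str, expected_aud: str, keys=SIGNING_KEYS,
                  key_issuer=KEY_ISSUER, now=None):
    """Signature check plus: the kid must belong to the claimed issuer, aud must match, exp must be future."""
    header, claims = _check_signature(token, keys)
    if claims is None:
        return None
    now = time.time() if now is None else now
    if key_issuer.get(header["kid"]) != claims.get("iss"):
        return None  # a consumer key presenting itself as an enterprise issuer
    if claims.get("aud") != expected_aud:
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims
```

Revoking a key, as Microsoft did, is modelled by removing its `kid` from `SIGNING_KEYS`: after that even the naive verifier rejects tokens signed with it, which is why revocation ends an intrusion of this kind regardless of the verifier's other checks.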

Microsoft's credential scanning did not detect the key material in the dump, a second failure that has also been addressed. After the crash, the dump was moved out of the isolated production network into Microsoft's debugging environment on its internet-connected corporate network. That transfer is standard in the company's debugging workflow, but it placed the key where it could be stolen. In the months after the dump was created, Storm-0558 compromised the corporate account of a Microsoft engineer. Using that account's access to the debugging environment, the actor could retrieve the crash dump from one of the engineering endpoints.
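The detection that was missing here is a scan of the dump for key material before it leaves the isolated environment. The following is an added example, not Microsoft's tooling: a scanner that flags PEM-armored private keys and bare high-entropy base64 runs in a byte blob, and a redactor that overwrites the findings in place so the dump keeps its layout for debugging. The sample dump, the fake key bodies and the entropy threshold are all constructed for the example; a production scanner would also cover DER blobs, JWK `d` parameters and platform-specific key structures.

```python
import base64
import math
import re
from dataclasses import dataclass

# PEM armor around any private key type ("PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY").
PEM_RE = re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S)
# Any run of base64 alphabet long enough to hold key material.
B64_RUN_RE = re.compile(rb"[A-Za-z0-9+/=]{40,}")
# Bits per character; base64-encoded key material sits near 5-6, text and padding far lower.
ENTROPY_THRESHOLD = 4.5  # constructed threshold for this example


@dataclass
class Finding:
    offset: int
    length: int
    kind: str


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of the given run."""
    if not data:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_dump(blob: bytes) -> list:
    """Return findings for PEM private keys and high-entropy base64 runs outside PEM blocks."""
    findings = []
    covered = []
    for m in PEM_RE.finditer(blob):
        findings.append(Finding(m.start(), m.end() - m.start(), "pem-private-key"))
        covered.append((m.start(), m.end()))
    for m in B64_RUN_RE.finditer(blob):
        if any(s <= m.start() and m.end() <= e for s, e in covered):
            continue  # body lines of a PEM block already reported above
        if shannon_entropy(m.group()) >= ENTROPY_THRESHOLD:
            findings.append(Finding(m.start(), m.end() - m.start(), "high-entropy-blob"))
    return sorted(findings, key=lambda f: f.offset)


def redact_dump(blob: bytes, findings) -> bytes:
    """Overwrite each finding with zero bytes, preserving offsets so the dump stays debuggable."""
    out = bytearray(blob)
    for f in findings:
        out[f.offset:f.offset + f.length] = b"\x00" * f.length
    return bytes(out)


# Constructed stand-in for a crash dump: log text, a PEM key with a fake body,
# a bare base64 secret without armor, and a low-entropy base64-looking run that
# must not be flagged. None of this is real key material.
FAKE_PRIVATE_KEY = (b"-----BEGIN PRIVATE KEY-----\n"
                    + base64.b64encode(bytes(range(256))) + b"\n"
                    + b"-----END PRIVATE KEY-----\n")
BARE_SECRET = base64.b64encode(bytes(range(1, 256, 2)))
SAMPLE_DUMP = (b"ModuleLoad: tokensign.dll base=0x7ff6a0000000\n"
               b"Exception 0xC0000005 at 0x7ff6a0012ab4\n"
               b"Thread 0x1f3c stack:\n"
               + FAKE_PRIVATE_KEY
               + b"session-cache: " + BARE_SECRET + b"\n"
               + b"padding: " + b"A" * 60 + b"\n")

if __name__ == "__main__":
    for f in scan_dump(SAMPLE_DUMP):
        print(f"{f.kind} at offset {f.offset}, {f.length} bytes")
```

The entropy check is what catches a key that was copied into memory without its armor, which is the more likely shape in a process dump; the cost is that any long, random-looking base64 string (a session token, a nonce) is also flagged, which for a dump leaving a signing environment is the correct bias.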

Microsoft stated, “Due to log retention policies, we don’t have logs with specific evidence of this exfiltration by this actor, but this was the most probable mechanism by which the actor acquired the key.” In response to the breach, Microsoft revoked all valid MSA signing keys, invalidating any tokens forged with the stolen key and locking the actor out. The incident underscores that signing-key material must stay inside its isolated environment, that anything leaving that environment needs to be scanned for secrets, and that verifiers must check which issuer a key is allowed to sign for, not just that the signature is valid.

Amanda Reynolds

